August 27, 2019

Source code management site GitHub is the latest company to support WebAuthn – a new standard that makes logging into online services using a browser more secure.

WebAuthn is short for Web Authentication and it’s a protocol that lets you log into an online service by using a digital key. It’s a core part of FIDO2, a secure login protocol from the FIDO Alliance, which encourages industry support for these secure login standards.

GitHub, which Microsoft bought for $7.5bn last year, has been doing its best to secure people’s accounts with more secure logins for a while now. Back in 2013, it announced support for two-factor authentication (2FA) via SMS text messages and 2FA apps on a mobile phone. Then, in October 2015, it launched support for universal second factor (U2F) authentication. This was a FIDO specification that allowed the use of a hardware key as a 2FA mechanism.

WebAuthn supersedes U2F and offers everything the older standard did along with some additional benefits:

It upgrades GitHub’s 2FA support to the latest industry standard. The World Wide Web Consortium (W3C), which oversees many of the standards that make up the web, approved WebAuthn as an official standard in March 2019.

While you can use a third-party hardware security key to use WebAuthn, in many cases you don’t need to. You can also use a digital key stored on your phone instead, turning the phone itself into your hardware key.

WebAuthn can be a primary access factor. U2F still needed a password to gain access, meaning that it could only ever be a second factor in your login process. The U2F-based physical key effectively said “yes, the person entering that password is legit, because I am in their possession”.

Wooo, fancy – a guy who phished more than 100 companies out of nearly £1m (around $1.1m) in cryptocurrency used some of that money to sit his butt down in a first-class carriage on the train. That’s how they caught him, actually – with “his fingers on the keyboard” as he was logging in to a dark web account on a train between Wales and London back in September 2017.

Flash forward two years, and Wooo-HOOOOO, it’s payback time!

As in, literal payback. London’s Metropolitan Police announced on Friday that Grant West, who was 25 when police arrested him on that train and who is now 27, has not only been jailed for fraud after carrying out attacks on more than 100 major brands worldwide, including Apple, Uber, Sainsbury’s, Groupon, T-Mobile, Ladbrokes, Vitality, the British Cardiovascular Society and the Finnish Bitcoin exchange.

He’s also been ordered to pay back the money he ripped off.

Goodbye, cryptocurrency: when Southwark Crown Court gave West ten years and eight months jail time, the judge also said that his ill-gotten loot would be sold and that the victims will receive compensation.

I therefore order a confiscation of that amount, £915,305.77, to be paid as a way of compensation to the losers.

Some of it’s frozen and being held by the FBI, and all of it’s fluctuating madly, as cryptocurrencies do, which has made it tough to figure out exactly how much to give victims.

West has to agree to release the funds from his accounts, but there’s not much of a choice there: he’d be looking at four additional years in jail if he were to refuse, the judge said.

West did, in fact, agree to give up the money, which reportedly included ethereum, bitcoin and other cryptocurrencies. Unfortunately, victims won’t be able to claw back the money West blew on his fancy travel: besides his first-class train habits, he also blew the money on holidays, food, shopping and household goods.
